Commit f473aa09df675e69755797417afceb60c96e4d85
1 parent
6ff2528b
add permission check
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@1182 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
48 additions
and
26 deletions
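--- a/presentation/lookAndFeel/knowledgeTree/subscriptions/addSubscriptionBL.php
+++ b/presentation/lookAndFeel/knowledgeTree/subscriptions/addSubscriptionBL.php
@@ -27,6 +27,19 @@ require_once("$default->fileSystemRoot/lib/subscriptions/SubscriptionManager.inc
 // page start
 // -------------------------------
 
+/**
+ * Checks if the user has read permission on the subscription content
+ *
+ * @param integer the id of the subscription content
+ * @param integer the subscription type
+ */
+function checkPermission($iExternalID, $iSubscriptionType) {
+ if ($iSubscriptionType == SubscriptionConstants::subscriptionType("FolderSubscription")) {
+ return Permission::userHasFolderReadPermission($iExternalID);
+ } else {
+ return Permission::userHasDocumentReadPermission($iExternalID);
+ }
+}
 // only if we have a valid session
 if (checkSession()) {
 
@@ -47,37 +60,46 @@ if (checkSession()) {
 $iExternalID = $fDocumentID;
 $iSubscriptionType = SubscriptionConstants::subscriptionType("DocumentSubscription");
 }
-
- if (!Subscription::exists($iUserID, $iExternalID, $iSubscriptionType)) {
- $oSubscription = new Subscription($iUserID, $iExternalID, $iSubscriptionType);
- // if we've confirmed the subscription
- if ($fConfirmed) {
- // add it
- if ($oSubscription->create()) {
- $default->log->info("addSubscriptionBL.php added subscription for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");
- // redirect to viewFolder or viewDocument
- $default->log->info("redirecting to " . $oSubscription->getContentUrl());
-
- redirect($oSubscription->getContentUrl());
+
+ if (checkPermission($iExternalID, $iSubscriptionType)) {
+
+ if (!Subscription::exists($iUserID, $iExternalID, $iSubscriptionType)) {
+ $oSubscription = new Subscription($iUserID, $iExternalID, $iSubscriptionType);
+ // if we've confirmed the subscription
+ if ($fConfirmed) {
+ // add it
+ if ($oSubscription->create()) {
+ $default->log->info("addSubscriptionBL.php added subscription for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");
+ // redirect to viewFolder or viewDocument
+ $default->log->info("redirecting to " . $oSubscription->getContentUrl());
+
+ redirect($oSubscription->getContentUrl());
+ } else {
+ // error creating subscription
+ $default->log->error("addSubscriptionBL.php error creating subscription for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");
+ $oPatternCustom->setHtml(renderErrorPage("An error occurred while creating this subscription"));
+ }
 } else {
- // error creating subscription
- $default->log->error("addSubscriptionBL.php error creating subscription for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");
- $oPatternCustom->setHtml(renderErrorPage("An error occurred while creating this subscription"));
+ // ask for confirmation
+ $oPatternCustom->setHtml(renderSubscriptionAddConfirmationPage($oSubscription));
 }
 } else {
- // ask for confirmation
- $oPatternCustom->setHtml(renderSubscriptionAddConfirmationPage($oSubscription));
+ // you're already subscribed
+ $oPatternCustom->setHtml(renderErrorPage("You are already subscribed to the " . ($fFolderID ? "folder '" . Folder::getFolderName($fFolderID) . "'" : "document '" . Document::getDocumentName($fDocumentID) . "'")));
 }
+
+ require_once("../../../webpageTemplate.inc");
+ $main->setCentralPayload($oPatternCustom);
+ $main->setFormAction($_SERVER["PHP_SELF"]);
+ $main->render();
+
 } else {
- // you're already subscribed
- $oPatternCustom->setHtml(renderErrorPage("You are already subscribed to the " . ($fFolderID ? "folder '" . Folder::getFolderName($fFolderID) . "'" : "document '" . Document::getDocumentName($fDocumentID) . "'")));
- }
-
- require_once("../../../webpageTemplate.inc");
- $main->setCentralPayload($oPatternCustom);
- $main->setFormAction($_SERVER["PHP_SELF"]);
- $main->render();
-
+ // no permission
+ $oPatternCustom->setHtml(renderErrorPage("You don't have permission to subscribe to this folder or document"));
+ require_once("../../../webpageTemplate.inc");
+ $main->setCentralPayload($oPatternCustom);
+ $main->render();
+ }
 } else {
 // neither document or folder chosen
 $oPatternCustom->setHtml(renderErrorPage("You haven't chosen a folder or a document to subscribe to"));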
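Review bot: The new no-permission branch near the end of the second hunk renders the error page but writes nothing to the log, while the success and create-failure paths both call `$default->log`. A denied subscribe attempt is an authorization failure that an operator reviewing access to folder or document ids would want recorded, so I would add `$default->log->error("addSubscriptionBL.php permission denied for userID=$iUserID, subType=$iSubscriptionType, id=$iExternalID");` before the `renderErrorPage` call. Separately, `checkPermission()` in the first hunk treats every type other than FolderSubscription as a document; a comment stating that default and an `@return` line in its docblock would make the contract explicit. The enclosing `if (checkSession())` block and the folder-or-document test both extend beyond the visible hunks.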